Establishing network access control can lead to changes in the network
environment. To avoid distruption to end-users, Genian NAC uses a phased
approach to deployment. Based on the experience gained by deploying NAC to many
customers over 10 years, Genians highly recommends the following deployment
steps:

There are many ways to achieve this visibility. We hear from many customers
that they have failed to achieve visibility through the 802.1x access control
method, which has a high degree of implementation complexity. It is very
difficult to establish gradual network access control through 802.1x, because
802.1x is a technology designed for control rather than visibility. This means
that network control must be established before visibility is obtained.

Another method is switch device integration via SNMP / CLI.
This makes it easier to obtain visibility without control.
However, considering compatibility with switch manufacturers and models, as
well as un-managed switch devices, there are still considerable limitations.

To address these complexity and compatibility issues, Genians offers a method
of securing visibility through an independent Network Sensor. The network
sensor is connected to each subnet (broadcast domain) and can be deployed
without changing the existing network environment. Usually, installation and
full visibility can be acheived in under three days.

Genian NAC also provides Agent software for greater visibility into Windows
and MacOS operating systems. It can be installed on the user's system to
collect information (operating system / hardware / software / update, etc.)
desired by the administrator.

Once the visibility of the IT assets is established, the next step is to
classify known assets. Genian NAC offers more than 500 different conditions for
grouping assets. Node group membership updates in real time as the status of
the node changes.

Ideally, groups are defined by multiple perspectives, such as who the intended
user is, what kind of device the node is,or what subnet the nodes are part of.
To this end, various additional information such as manufacturer / product name
/ model information, connection method, and more are provided by Genian NAC's
Device Platform Intelligence.

In addition to administrative classification, classification of devices that
violate security regulations is also very important.

In general, groups may be configured for:

Devices that are not assets of the company are connected to the network
(personal devices)

Once an IT security policy is established, control of the device that violates
it is required. Becasue it is not easy to control all identified violation
devices at once Genian NAC provides a step-by-step, automated approach.

The Agent is equipped with a variety of control action plug-ins to
automatically process various security settings and configurations without user
intervention. The Captive Web Portal (CWP) can also guide you through the tasks
you need to perform, such as guest user on-boarding.

After removing the known unauthorized device through the above steps and
completing the necessary security measures for the user's device, the remaining
task is to continuously monitor whether the security regulations are complied
with, and to control network access by the devices that violate the
regulations. At this stage, various control methods can be selected according
to the network environment and required security level. Genian NAC provides a
variety of controls for this.